CISA Exam Questions
650 real CISA exam questions with expert-verified answers and explanations. Page 12 of 13.
- Question #552: Protection of Information Assets
Which of the following is MOST important for an IS auditor to confirm when evaluating security controls in a virtualized environment?
Virtualization Security, Hardening, Security Controls, IS Audit
- Question #553: Protection of Information Assets
An IS auditor is examining cryptographic key management with a focus on ensuring the protection of cryptographic keys against modification and unauthorized disclosure. Which of the...
Cryptographic key management, Information security policies, IS audit methodology, Protection of information assets
- Question #554: Protection of Information Assets
Which of the following is the BEST way to ensure Internet of Things (IoT) devices do not retain default admin passwords?
IoT Security, Configuration Management, Password Security, Security Controls
- Question #555: Governance and Management of IT
Which of the following responses to risk associated with separation of duties would incur the LOWEST initial cost?
Risk Management, Risk Response Strategies, Separation of Duties, Cost Implications
- Question #556: Information Systems Operations and Business Resilience
Which of the following would provide the MOST useful information for evaluating whether network availability is meeting the performance objectives set by management?
Performance monitoring, Network availability, Metrics dashboards, KPIs
- Question #557: Governance and Management of IT
Which of the following is the MOST important benefit of using control self-assessments (CSAs)?
Control Self-Assessment (CSA), Risk Management, Control Monitoring, Proactive Risk Identification
- Question #558: Protection of Information Assets
Which of the following is the PRIMARY concern related to unapproved software usage within an organization?
Unapproved software, Security risk management, Data exposure, Information asset protection
- Question #559: Protection of Information Assets
Nonrepudiation services for e-commerce transactions are BEST achieved through which of the following?
Nonrepudiation, PKI, Digital Signatures, E-commerce Security
- Question #560: Protection of Information Assets
Which of the following is the MOST important consideration when implementing a Zero Trust strategy for mobile, wireless, and Internet of Things (IoT) devices?
Zero Trust, Identity and Access Management, Mobile Security, IoT Security
- Question #561: Information System Auditing Process
Which of the following is an IS auditor's BEST recommendation after identifying that HR staff create new employees in the payroll system as well as process payroll due to limited s...
Segregation of Duties, Compensating Controls, Internal Controls, Payroll Systems Audit
- Question #562: Protection of Information Assets
Which of the following should be an IS auditor's PRIMARY area of focus when auditing an organization's deployment of Internet of Things (IoT) devices?
IoT Security, Data Protection, IS Audit Focus, Security Controls
- Question #563: Information System Auditing Process
An organization uses AI models to analyze customer complaints and generate responses. Which type of audit should be performed to determine whether AI-generated text in responses to...
Compliance audit, Regulatory requirements, AI auditing, Audit types
- Question #564: Information System Auditing Process
An organization's management has asked the internal IS auditor for input in developing a control to prevent the recurrence of a deficiency. Which of the following is the auditor's...
Auditor Independence, Auditor Objectivity, Internal Audit Role, Professional Ethics
- Question #565: Protection of Information Assets
Which of the following controls BEST provides confidentiality and nonrepudiation for an online business looking for digital payment data security?
Confidentiality, Nonrepudiation, PKI, Digital Payment Security
- Question #566: Protection of Information Assets
Based on best practice, which types of accounts should be disabled for interactive login?
Service Account Security, Access Control, Security Best Practices, Account Management
- Question #567: Governance and Management of IT
Which of the following would be of GREATEST concern to an IS auditor reviewing an IT strategy document?
IT Strategy, Strategic Alignment, IT Governance, Audit Concerns
- Question #568: Protection of Information Assets
An organization has recently implemented additional application programming interfaces (APIs) to enhance data exchange with vendors. Which of the following is MOST important to ens...
API Security, Authorization Controls, Information Asset Protection, Audit Testing
- Question #569: Information Systems Acquisition, Development, and Implementation
Which of the following would present the GREATEST risk within a release management process for a new application?
Release Management, Change Management, Risk Management, Internal Controls
- Question #570: Governance and Management of IT
Which of the following is the main objective of enterprise architecture (EA) governance?
Enterprise Architecture, EA Governance, IT Governance, Harmonization
- Question #571: Information Systems Operations and Business Resilience
Which of the following is MOST important for an IS auditor to review when the organization's primary objective is to improve system performance for customer-facing services?
Capacity management, System performance, IT operations audit, Service delivery
- Question #572: Protection of Information Assets
An IS auditor observes that an organization uses generic user IDs for access to licensed enterprise resource planning (ERP) software. Which of the following should be the auditor's...
Access Control, Accountability, User Identification, Audit Findings
- Question #573: Information System Auditing Process
An organization has outsourced its internal audit activity to a third-party service provider due to financial constraints and the lack of appropriate skill sets. Which of the follo...
Audit Quality Assurance, Outsourced Internal Audit, Internal Audit Oversight, Audit Process Improvement
- Question #574: Governance and Management of IT
Which of the following should be the GREATEST concern to an IS auditor evaluating an organization's policies?
IS Audit, Policy Evaluation, Control Adequacy, Governance
- Question #575: Protection of Information Assets
When processing speed is the highest priority, which cryptographic algorithm should be used to verify the integrity of a bit-for-bit copy from digital evidence?
Cryptographic algorithms, Hashing, Digital forensics, Integrity verification
- Question #576: Information System Auditing Process
Following a discussion on the results of a recent audit engagement, the process owner of the audited area has provided an action plan addressing the gaps and recommendations. The a...
Audit follow-up, Residual risk, Risk appetite, Escalation procedures
- Question #577: Information Systems Operations and Business Resilience
Which of the following is a PRIMARY objective of incident management?
Incident Management, Service Restoration, IT Operations, Business Resilience
- Question #578: Protection of Information Assets
Which of the following is the BEST method to safeguard data on an organization's laptop computers?
Data Protection, Full Disk Encryption, Endpoint Security
- Question #579: Protection of Information Assets
Which of the following provides the GREATEST assurance that an organization has effective controls preventing connection of unauthorized Internet of Things (IoT) devices to the cor...
Network Access Control, IoT Security, Access Control, Preventive Controls
- Question #580: Information Systems Operations and Business Resilience
Which of the following is the MOST cost-effective way to determine the effectiveness of a business continuity plan (BCP)?
Business Continuity Plan, BCP Testing, Tabletop Exercise, Cost-effectiveness
- Question #581: Protection of Information Assets
Which of the following public key infrastructure (PKI) elements provides detailed descriptions for dealing with a compromised private key?
PKI, Certification Practice Statement, Key Management, Information Security Policies
- Question #582: Information Systems Acquisition, Development, and Implementation
A staff accountant regularly uploads spreadsheets with inventory levels to the organization's financial reporting system. The transfers are executed through a customized interface...
Data integrity, Interface controls, Application auditing, Financial data accuracy
- Question #583: Information Systems Operations and Business Resilience
Which of the following IT service monitoring tools is MOST effective in identifying abnormal system events?
IT Service Monitoring, Abnormal Event Detection, System Reporting, Exception Reporting
- Question #584: Information Systems Operations and Business Resilience
An IS auditor is reviewing the disaster recovery plan (DRP) of an organization with offices across multiple regions. Which of the following should be the auditor's PRIMARY focus?
Disaster Recovery Plan, IS Audit, System Dependencies, Business Resilience
- Question #585: Information Systems Operations and Business Resilience
Which of the following is the PRIMARY benefit of implementing an IT capacity management process?
IT Capacity Management, Performance Management, Infrastructure Management, Service Level Management
- Question #586: Information System Auditing Process
Which of the following is an IS auditor's MOST important step in a privacy audit?
Privacy audit, PII data life cycle, Audit methodology, Risk identification
- Question #587: Protection of Information Assets
How does public key infrastructure (PKI) help to verify that a digitally signed document is not a forgery?
PKI, Digital Signatures, Cryptography, Authentication
- Question #588: Protection of Information Assets
The PRIMARY purpose of a vulnerability assessment in a cybersecurity program is to:
Vulnerability assessment, Security exposures, Proactive security, Cybersecurity program
- Question #589: Information System Auditing Process
Which of the following is a PRIMARY benefit of an integrated audit?
Integrated audit, Audit benefits, Audit efficiency, Audit optimization
- Question #590: Information Systems Operations and Business Resilience
Which of the following BEST describes the concept of fault tolerance in system resiliency?
Fault Tolerance, System Resiliency, High Availability, IT Operations
- Question #591: Information System Auditing Process
A KEY benefit of integrated auditing is that it:
Integrated Auditing, Audit Benefits, Audit Methodologies, Cross-functional Auditing
- Question #592: Governance and Management of IT
Which of the following performance management tools BEST helps an IS auditor evaluate the success of an organization's IT strategy implementation and execution?
IT performance measurement, IT strategy evaluation, Metrics and KPIs, IS audit tools
- Question #593: Information Systems Acquisition, Development, and Implementation
An IS auditor is asked to provide feedback on the systems options analysis for a new project. The BEST course of action for the IS auditor would be to:
IS Auditor Role, Systems Options Analysis, Project Review, Audit Feedback
- Question #594: Governance and Management of IT
The management of a small e-commerce firm is concerned about the impact of AI adoption on its intellectual property. Which of the following BEST addresses this concern?
AI Governance, Intellectual Property Protection, Acceptable Use Policy, Risk Management
- Question #595: Protection of Information Assets
In a Zero Trust architecture, which element is MOST important for an IS auditor to evaluate to ensure that resources are accessed securely?
Zero Trust Architecture, Access Control Policies, IS Audit Evaluation, Security Controls
- Question #596: Information Systems Operations and Business Resilience
Which of the following are examples of corrective controls?
Corrective controls, IT controls, Backup and recovery, System resilience
- Question #597: Information Systems Acquisition, Development, and Implementation
What type of control has been implemented when secure code reviews are conducted as part of a deployment program?
Control types, Detective controls, Secure code review, Application security
- Question #598: Information System Auditing Process
Which of the following would BEST assist an IS auditor in understanding the inputs and outputs of a microservice-oriented application?
Data Flow Diagrams, System Documentation, Auditing Techniques, Microservices
- Question #599: Protection of Information Assets
Which of the following would be of MOST concern to an IS auditor reviewing a data loss prevention (DLP) solution implementation for endpoints?
DLP, Endpoint Security, Security Control Effectiveness, Audit Concerns
- Question #600: Protection of Information Assets
To ensure the organization is able to centrally manage mobile devices to protect against data disclosure, it is MOST important for an IS auditor to determine whether:
Mobile device security, Data loss prevention, Remote wipe, Security controls
- Question #601: Protection of Information Assets
Which of the following MOST effectively reduces the risk of emails containing personally identifiable information (PII) being sent to unauthorized recipients?
Security Awareness Training, PII Protection, Human Error, Risk Mitigation